Rocksolid Light

Welcome to novaBBS

register   nodelist   faq  

Your account also provides newsreader access to all groups at news.i2pn2.org port 119 or 563 (TLS)


rocksolid / Hacking / Re: ssl apocalypse, anyone ?

SubjectAuthor
* ssl apocalypse, anyone ?anon
`- Re: ssl apocalypse, anyone ?Retro Guy

1
Subject: ssl apocalypse, anyone ?
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.hacking
Organization: def5
Date: Tue, 3 Mar 2020 21:13 UTC
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.hacking
Message-ID: <18e0ff1f12d626a6bfbab0a3fa3c9bf6@def4>
Subject: ssl apocalypse, anyone ?
Date: Tue, 03 Mar 2020 21:13:15+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
View all headers

the corona virus for the internet, in good sync with the real thing.
let's watch the whole thing collapse...suckers...just use tor, lol

Millions of websites face 'insecure' warnings

    3 March 2020

    Share Image copyright Getty Images

Some well-known websites could stop functioning properly on Wednesday, 4 March, after a bug was found in the digital certificates used to secure them.

The organisation that issues the certificates revealed that three million need to be immediately revoked.

Visitors to affected sites will be greeted with an alert warning them the site is insecure.

One expert said the issue could result in a "loss of trust".

The internet security research group (ISRG) is the non-profit organisation behind the project, Let's Encrypt, and last month celebrated issuing its billionth certificate.

The project has some high-profile backers, including Cisco, Facebook and Google, and is widely credited as one of the driving forces behind businesses securing their websites.

In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code.

"Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologise for the issue."
'Unacceptable'

Digital certificates are basically small pieces of code created by using sophisticated mathematics that ensure that communication between devices or websites are sent in an encrypted manner, and are therefore secure.

They play an essential role in keeping IT infrastructure up and running safely and are issued by certificate authorities, who electronically verify that the certificates are genuine. When issued, these certificates are given an expiration date of anything between a few months and several years.

Visitors to those websites not able to renew their certificate by this date will see security warnings telling them that the site is insecure.

On a community forum, one website manager, based in New Zealand, complained he had only received "75 minutes" notice of the need to update, which he said was "unacceptable".

Alan Woodward, a professor of computer science at Surrey University, told the BBC: "Let's Encrypt is a significant part of the security infrastructure of the web."

He said that while it had "responsibly" revealed the bug, its clients faced uncertainty.

"Nobody knows how they will deal with it. Businesses will have to apply for a new certificate so there could be an interruption to services which will result in a loss of trust. Users will experience websites that say they have a security problem."

While the organisation has issued a list of the certificate numbers, it has not made public the names behind them but Prof Woodward said it would probably affect "well-known" websites.


Posted on def4


Subject: Re: ssl apocalypse, anyone ?
From: Retro ...@rslight.i2p (Retro Guy)
Newsgroups: rocksolid.shared.hacking
Organization: Rocksolid Light
Date: Tue, 3 Mar 2020 22:44 UTC
Path: i2pn2.org!.POSTED!not-for-mail
From: Retro ...@rslight.i2p (Retro Guy)
Newsgroups: rocksolid.shared.hacking
Subject: Re: ssl apocalypse, anyone ?
Date: Tue, 3 Mar 2020 22:44:33 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <f7eac537a76d3e01554ffca8a25717db$1@news.novabbs.com>
References: <18e0ff1f12d626a6bfbab0a3fa3c9bf6@def4>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 3 Mar 2020 22:44:33 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="24546"; mail-complaints-to="usenet@i2pn2-novalink.localdomain"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Spam-Level: *
X-Rslight-Site: $2y$10$O1sc.VsvRND58G3tEAivoO29tpOy4Disv/ZfHLLFVhIiE2zci3xY6
View all headers
And here's the email, which I just received:

We recently discovered a bug in the Let's Encrypt certificate authority code,
described here:

https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means we need to revoke the certificates that were affected
by this bug, which includes one or more of your certificates. To avoid
disruption, you'll need to renew and replace your affected certificate(s) by
Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you're not able to renew your certificate by March 4, the date we are
required to revoke these certificates, visitors to your site will see security
warnings until you do renew the certificate. Your ACME client documentation
should explain how to renew.

If you are using Certbot, the command to renew is:

certbot renew --force-renewal

If you need help, please visit our community support forum:
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

Please search thoroughly for a solution before you post a new question. Let's
Encrypt staff will help our community try to answer unresolved questions as
quickly as possible.

--
Posted on Rocksolid Light
news.novabbs.com


1
rocksolid light 0.6.6
clearnet i2p tor